Hi Richard, Happy new year to the list, BTW.
[EMAIL PROTECTED] wrote:
Since You already have the users level is the Session object, you can have an asp handle the downloads, like this:Can anyone either point out any major problems with this approach, or alternatively (preferably), suggest a better alternative ? In case it makes any difference to peoples ideas/views, I am not using Apache for access control. Users authenticate against a database, then on each page they visit, their user level (taken from the session object) is checked against the access level required for that page.
- check if the user has the required level.
- set $Response->{ContentType} to whatever it is you want
- open the (out of the webroot) file and while reading it, output to the client.
Now with this approach you will avoid the constant back and forth copying of files and
the remote possibility that a user can guess the filename, but there are some drawbacks:
- the ``heavy'' apache mod_perl process will be tied up for the duration of the download, so depending on your setup, the size of the download and the speed of the clients you might need more httpds running. The mod_perl guide can help you more on this - rather large - subject (http://perl.apache.org/docs/1.0/guide/index.html)
I really don't know if the above is a better solution, just a thought.
Regards,
Thanos Chatziathanassiou
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
